ACO DisableDNSLookup behavior clarification and details in Web Agent
book
Article ID: 11079
calendar_today
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-OnSITEMINDERCA Single Sign On Agents (SiteMinder)CA Single Sign On Federation (SiteMinder)
Issue/Introduction
Questions about the behavior of the ACO parameter DisableDNSLookup:
With DisableDNSLookup set to NO, does the Web Agent do a Reverse DNS Lookup when it receives a request with an IP Address instead of a Fully Qualified Domain Name in the URL?
When DisableDNSLookup is set to NO, how does the Web Agent do the reverse DNS Lookup?
Does DisableDNSLookup disable forward DNS Lookup too, as requesting the IP Address from the FQDN?
Resolution
Yes, it does.
And this is to prevent the behavior that the DisableDNSLookup=YES will disable these reverse DNS requests.
372 8.522751 10.0.0.1 10.0.0.2 DNS Standard query PTR 1.0.0.10.in-addr.arpa 688 15.368671 10.0.0.2 10.0.0.1 DNS Standard query response PTR _host.example.com
[05/30/2014][05:39:37][22617][1124198720][CSmHttpPlugin.cpp:3967][CSmHttpPlugin::ResolveFQServerName, DNSLookups disabled, checking to see if cookiedomain added!][][][][][][][10.0.0.1]